LDAP System Administration [Electronic resources] نسخه متنی

This is a Digital Library

With over 100,000 free electronic resource in Persian, Arabic and English

جستجو بر اساس ... همه عنوان پدیدآور موضوع یادداشت تمام متن
اصطلاحنامه مجموعه ها مرورالفبایی لغت نامه دهخدا
جستجو در لغت نامه
بیشتر
کتابخانه شخصی پرسش از کتابدار ارسال منبع

LDAP System Administration [Electronic resources] - نسخه متنی

Gerald Carter

| نمايش فراداده ، افزودن یک نقد و بررسی
افزودن به کتابخانه شخصی
میخواهم بخوانم
درحال خواندن
خوانده شده
ارسال به دوستان

آدرس پست الکترونیک گیرنده :

آدرس پست الکترونیک فرستنده :

نام و نام خانوارگی فرستنده :

پیغام برای گیرنده ( حداکثر 250 حرف ) :

کد امنیتی را وارد نمایید

ارسال
جستجو در متن کتاب
بیشتر
تنظیمات قلم

فونت

اندازه قلم

+ - پیش فرض

حالت نمایش

روز نیمروز شب
جستجو در لغت نامه
بیشتر
لیست موضوعات

Table of Contents

Index

Reviews

Reader Reviews

Errata

LDAP System Administration

By Gerald Carter

Publisher : O''''Reilly

Pub Date : March 2003

ISBN : 1-56592-491-6

Pages : 308

If you want to be a master of your domain, LDAP System Administration will help you get up and running quickly regardless of which LDAP version you use. After reading this book, even with no previous LDAP experience, you''''ll be able to integrate a directory server into essential network services such as mail, DNS, HTTP, and SMB/CIFS.
توضیحات
افزودن یادداشت جدید










5.5 Creating Custom Schema Files for slapd


There are times when the standard
schema files distributed with your LDAP server
don't meet the needs of your application. Creating a
custom schema file for OpenLDAP is a simple process:


Assign a unique OID for all new attribute types and object classes.


Create the schema file and include it in
slapd.conf.



It's also possible to create
alternate schema
syntaxes and matching rules, but implementing them is beyond the
scope of this book; typically, they require implementing a plug-in
for the directory server or modifying the server's
source code. For more information on this process, you should consult
the OpenLDAP source code or your vendor's
documentation for other directory servers.

Chapter 2 described how to obtain a private
enterprise number from IANA (see the form at http://www.iana.org/cgi-bin/enterprise.pl and
RFC 3383). When creating new attributes or object classes, it is a good
idea to use an OID that is guaranteed to be
unique, whether or not the schema will ever be used outside of your
organization. The best way to guarantee that the OID is unique is to
obtain a private enterprise number and place all
your definitions under that number.

For example, suppose that an LDAP client application requires a new
object class based on person. This new object
class should contain all of the attributes possessed by the
person object, with the addition of the
userPassword and mail
attributes.

In order to create this new object, I have allocated the OID arc of
1.3.6.1.4.1.7165.1.1.1 for the new object classes:

iso (1) 
org (3) 
dod (6) 
internet (1) 
private (4) 
enterprise (1) 
SAMBA.org (7165) 
plainjoe.org (1)
O'Reilly LDAP Book(1)

The private enterprise number 7165 has been issued by IANA for use by
the Samba developers, the 7165.1 arc has been allocated to the
plainjoe.org domain, and 7165.1.1 has been set aside for this book; I
can't touch the numbers above 7165.1 in the tree,
but I have complete freedom to assign numbers below it as I see fit.
I've chosen to allocate 7165.1.1.1 to
ldap object classes that I create and 7165.1.1.2
for new attributes. I could put my new objects directly under
plainjoe.org, but that might cause problems if I want to create other
kinds of objects (for example, private SNMP MIBs):

SAMBA.org (7165) 
plainjoe.org (1)
O'Reilly LDAP Book(1)
|-- objectclasses  (1)
|-- attributeTypes (2)

Let's call the new object
plainjoePerson. Add the following definition to a
custom schema file named plainjoe.schema;
you'll use this file for all custom objects that you
define.

## objectclass definition for 'plainjoePerson' depends on core.schema.
objectclass ( 1.3.6.1.4.1.7165.1.1.1.1 NAME 'plainjoePerson' 
SUP person STRUCTURAL
MUST (userPassword $ mail) )

LDAP's object
inheritance
allows this new object to reuse the existing characteristics of
person; you need to add only the new required
attributes. If new attributes are defined as well, they must be
defined prior to their use in the plainjoePerson
object. The new object has to be defined as
STRUCTURAL since it is derived from a structural
class.

New attributes can be defined in the same way or even be derived from
existing attributes. RFC 2252 should be considered required reading
in this case, as it describes the various LDAPv3 syntaxes and
matching rules. For example, you could create a new attribute named
plainjoePath to store a single, case-sensitive
pathname by defining the following in
plainjoe.schema:

## Store a case-sensitive path to a directory. 
attributetype( 1.3.6.1.4.1.7165.1.1.2.1  NAME 'plainjoePath'
DESC 'A directory on disk'
SUBSTR caseExactIA5SubstringsMatch
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )






Servers other than OpenLDAP may use a different schema syntax for
representing object classes. You should refer to your directory
server's vendor documentation for more details.
General LDAPv3 schema syntax is described in RFC 2252.

Finally, you need to add an include line in
slapd.conf for your new schema file:

# /usr/local/etc/openldap/slapd.conf
# Global section
## Include the minimum schema required.
include     /usr/local/etc/openldap/schema/core.schema
## **NEW**
## Include support for special plainjoe objects.
include     /usr/local/etc/openldap/schema/plainjoe.schema

After restarting slapd, you can now add objects
of the type plainjoePerson or include the
plainjoePath in entries that use the
extensibleObject class.


/ 129